Vulnerability Description
A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xiweicheng | Teamwork Management System | <= 2.28.0 |
Related Weaknesses (CWE)
References
- https://github.com/ha1yu-Yiqiyin/warehouse/blob/main/TMS_v2.28.0_XSS-1.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.336939Permissions RequiredVDB Entry
- https://vuldb.com/?id.336939Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.708322Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-14801?
CVE-2025-14801 is a vulnerability with a CVSS score of 2.4 (LOW). A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content lea...
How severe is CVE-2025-14801?
CVE-2025-14801 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14801?
Check the references section above for vendor advisories and patch information. Affected products include: Xiweicheng Teamwork Management System.